CVE-2022-36443

An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://excellium-services.com/cert-xlm-advisory/CVE-2022-36443	Third Party Advisory
https://www.zebra.com/us/en/products/software/mobile-computers/mobile-app-utilities/enterprise-home-screen.html	Product
https://excellium-services.com/cert-xlm-advisory/CVE-2022-36443	Third Party Advisory
https://www.zebra.com/us/en/products/software/mobile-computers/mobile-app-utilities/enterprise-home-screen.html	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:zebra:enterprise_home_screen:4.1.19:*:*:*:*:*:*:*

History

21 Nov 2024, 07:13

Type	Values Removed	Values Added
References	~~() https://excellium-services.com/cert-xlm-advisory/CVE-2022-36443 - Third Party Advisory~~	() https://excellium-services.com/cert-xlm-advisory/CVE-2022-36443 - Third Party Advisory
References	~~() https://www.zebra.com/us/en/products/software/mobile-computers/mobile-app-utilities/enterprise-home-screen.html - Product~~	() https://www.zebra.com/us/en/products/software/mobile-computers/mobile-app-utilities/enterprise-home-screen.html - Product

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-269~~	NVD-CWE-Other

Information

Published : 2023-01-10 21:15

Updated : 2024-11-21 07:13

NVD link : CVE-2022-36443

Mitre link : CVE-2022-36443

CVE.ORG link : CVE-2022-36443

JSON object : View

Products Affected

zebra

enterprise_home_screen

CWE

NVD-CWE-Other

{"id": "CVE-2022-36443", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-01-10T21:15:11.823", "references": [{"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2022-36443", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.zebra.com/us/en/products/software/mobile-computers/mobile-app-utilities/enterprise-home-screen.html", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2022-36443", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zebra.com/us/en/products/software/mobile-computers/mobile-app-utilities/enterprise-home-screen.html", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Zebra Enterprise Home Screen 4.1.19. El dispositivo permite al administrador bloquear algunos canales de comunicaci\u00f3n (inal\u00e1mbrica y tarjeta SD), pero a\u00fan es posible utilizar una conexi\u00f3n f\u00edsica (cable Ethernet) sin restricciones."}], "lastModified": "2024-11-21T07:13:01.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zebra:enterprise_home_screen:4.1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08EE3278-E7CF-411F-92B6-9F44603CAA75"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}